Home Linux LibreNMS Monitoring & Alerting your Enterprise Network Easily

LibreNMS Monitoring & Alerting your Enterprise Network Easily

by Lakindu Jayasena
4.2k views 12 mins read
Librenms Installation

LibreNMS is an open-source network monitoring tool that can monitor a wide range of network devices such as Cisco, Juniper, Brocade, HP, Fortigate, and also different operating systems such as Linux, Windows as well and pretty much anything that supports SNMP polling.

The top features of LibreNMS monitoring tool:

  • Automatic Discovery – It will automatically discover your entire network using CDP, FDP, LLDP, OSPF, BGP, SNMP, and ARP.
  • Customizable Alerting – Supports customizable alerting system to sends notifications through email, IRC, slack, and more.
  • Customizable Dashboards – It has a mobile-friendly Web UI, with customizable dashboards.
  • Integration Support – Supports integration with NfSen, collected, SmokePing, RANCID, and Oxidized.
  • Multiple Authentication Methods – Supports multiple authentication methods such as MySQL, HTTP, LDAP, Radius, and Active Directory.
  • Billing system – Easily generate bandwidth bills for ports on your network based on usage or transfer.
  • API Access – Supports an API for managing, graphing, and retrieving data from your system.
  • Automatic Updates – With LibreNMS you get to stay up to date automatically with new features and bug fixes.

For more details related to features and supported vendors, please visit: https://docs.librenms.org/Support/Features/

This post will explain you through the steps to install and configure LibreNMS with Nginx web server on a CentOS 8 server. Also throughout this tutorial, I assume you are the root user to issue the commands.

Step 1 – Installing Required Packages & Prerequisites

Disabling SELinux

Edit /etc/selinux/config file and change SELINUX=enforcing parameter to SELINUX=disabled like below & reboot the server to affect the changes:

 vim /etc/selinux/config SELINUX=disabled reboot 

Installing EPEL Repository & Required Dependencies

 yum -y update yum -y install epel-release yum module reset php yum module enable php:7.3 yum -y install bash-completion git cronie fping ImageMagick mtr net-snmp net-snmp-utils nmap rrdtool unzip tar wget python3 python3-PyMySQL python3-redis python3-memcached python3-pip 

Install Nginx, MariaDB and PHP

 yum -y install nginx yum -y install mariadb mariadb-server yum -y install php-fpm php-cli php-common php-curl php-gd php-json php-mbstring php-process php-snmp php-xml php-zip php-mysqlnd 

Add librenms user

 useradd librenms -d /opt/librenms -M -r -s "$(which bash)" 

Download LibreNMS & Set Permissions

 cd /opt git clone https://github.com/librenms/librenms.git chown -R librenms:librenms /opt/librenms chmod 771 /opt/librenms setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ setfacl -R -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ 

Install PHP Dependencies

 su - librenms ./scripts/composer_wrapper.php install --no-dev exit 

Step 2 – Configure the Installed Packages

Configure the PHP TimeZone

Ensure the date.timezone is set in php.ini file to your time zone. Get the list of supported timezones in this link https://www.php.net/manual/en/timezones.php

 vim /etc/php.ini date.timezone = "Asia/Colombo" #Also set the system time zone as the same. timedatectl set-timezone Asia/Colombo 

Configure MariaDB Database

Librenms using MySQL database to store all the data. In this post I will using the MariaDB version.
Edit the mariadb0server.cnf file located under /etc/my.cnf.d/ and add the following in section [mysqld].

 vi /etc/my.cnf.d/mariadb-server.cnf [mysqld] innodb_file_per_table=1 lower_case_table_names=0 #Enable and restart the service systemctl enable mariadb systemctl restart mariadb 

By default MariaDB initial installation is not sure and anyone can get into your database. To secure it, run the following commands and foollow the instruction to complete.

 mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! 

Now we need to create a database and a user for librenms like below

 mysql -u root -p mysql> CREATE DATABASE librenms CHARACTER SET utf8 COLLATE utf8_unicode_ci; mysql> CREATE USER 'librenms'@'localhost' IDENTIFIED BY 'password'; mysql> GRANT ALL PRIVILEGES ON librenms.* TO 'librenms'@'localhost'; mysql> FLUSH PRIVILEGES; mysql> exit 

Configure PHP-FPM

For PHP-FPM to work with Nginx, we need to make changes to the config file

 cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/librenms.conf vi /etc/php-fpm.d/librenms.conf # Change "www" to "librenms" [librenms] # Change user and group to "librenms" user = librenms group = librenms # Change listen to a unique name listen = /run/php-fpm-librenms.sock 
Configure PHP-FPM

Configure Nginx Web Server

LibreNMS is a web-based application and here we are using a Nginx web server to host it.
I will create a new virtual host file librenms.conf in the Nginx conf.d directory by running the following:

Also see https://mytechnix.com/nginx-best-practices-on-initial-setup/ for more details.

 vi /etc/nginx/conf.d/librenms.conf server { listen 80; server_name librenms.example.com; root /opt/librenms/html; index index.php; charset utf-8; gzip on; gzip_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ [^/]\.php(/|$) { fastcgi_pass unix:/run/php-fpm-librenms.sock; fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi.conf; } location ~ /\.(?!well-known).* { deny all; } } 
 systemctl enable --now nginx systemctl enable --now php-fpm 

Allow fping

Create the file http_fping.tt with the following contents. You can create this file anywhere, as it is a throw-away file. The last step in this install procedure will install the module in the proper location.

 vim /tmp/http_fping.tt module http_fping 1.0; require { type httpd_t; class capability net_raw; class rawip_socket { getopt create setopt write read }; } #============= httpd_t ============== allow httpd_t self:capability net_raw; allow httpd_t self:rawip_socket { getopt create setopt write read }; 
 #Then run these commands cd /tmp checkmodule -M -m -o http_fping.mod http_fping.tt semodule_package -o http_fping.pp -m http_fping.mod semodule -i http_fping.pp 

Allow Access through Firewall (if required)

We can either disable the firewalld or else allow access through the firewalld by using the following commands.

 firewall-cmd --zone public --add-service http firewall-cmd --permanent --zone public --add-service http firewall-cmd --zone public --add-service https firewall-cmd --permanent --zone public --add-service https 

Enable lnms command completion (optional)

This feature grants you the opportunity to use the tab for completion on lnms commands as you would for normal linux commands.

 ln -s /opt/librenms/lnms /usr/local/bin/lnms cp /opt/librenms/misc/lnms-completion.bash /etc/bash_completion.d/ 

Configure snmpd (optional)

Copy the sample config file to snmpd installed location (/etc/snmp/) and replace RANDOMSTRINGGOESHERE and to your own community string.

 vi /etc/snmp/snmpd.conf rocommunity RANDOMSTRINGGOESHERE 127.0.0.1 #Enable and restart the service systemctl enable snmpd systemctl restart snmpd 

Add Cron job

 cp /opt/librenms/librenms.nonroot.cron /etc/cron.d/librenms 

Copy logrotate config

LibreNMS keeps logs in /opt/librenms/logs. Over time these can become large and be rotated out. To rotate out the old logs you can use the provided logrotate config file:

 cp /opt/librenms/misc/librenms.logrotate /etc/logrotate.d/librenms 

Step 3 – Start the Web Installer

Now go the web browser and type the http://librenms.example.com/install URL and it will start the Web Installer. Then follow the screenshots mention below.

If all checks are passed, click the database icon.

Run Web Installer

Provide the Database name and credentials.

Add Database Credintials

Click Build Database to start the database installation.

Start Build Database

Create and admin account for login.

Create Admin Account

Once all above steps are done, you will get following screen.

Finsish Web Installation

Now you can login to the LibreNMS and it will automatically navigate you to configuration validation page.

Login to the LibreNMS

If any failures on config validation page, do the fixes as they given. In this case I have fixed the following permission issue by following commands.

 sudo chown -R librenms:librenms /opt/librenms sudo setfacl -d -m g::rwx /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ sudo chmod -R ug=rwX /opt/librenms/rrd /opt/librenms/logs /opt/librenms/bootstrap/cache/ /opt/librenms/storage/ 
Validate the Config

Finally you can add your SNMP enabled devices in the Devices section.

Add New Device

Related Articles

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.